You can use Microsoft Entra ID to log into SEMINE via Single Sign-On (SSO).
The following steps describe how to set up SSO between Microsoft Entra ID and SEMINE.
- Select "Edit organization" in the Admin panel in Semine.
- Then select the Single Sign-on Setup tab.
| Field | Description | Example |
|---|---|---|
| Enabled | Activate Single Sign-On for the organization. | Checked to enable SSO |
| Scheme* | Unique identifier automatically generated for the SSO setup. | 3f44b0bf-e571-4214-ae70-70d6b4bebda5 |
| Display Name* | Choose the display name for the login button. | Abctest! |
| Authority* | Provided by the customer’s IT department or Partner. Typically the MS Entra TenantID. | https://login.microsoftonline.com/39bd492d-4ea9-4fc4-946b-b0b5951f1b5 |
| Client ID (MS Entra Application ID)* | Provided by the customer’s IT department or Partner. | 473B0893-0400-4e3b-8fb0-3cadc5ae5c60 |
| Client Secret | Provided by the customer’s IT department or Partner. | |
| Sign-in Scheme* | Authentication scheme used for signing in. | idsrv.external |
| Sign-out Scheme* | Authentication scheme used for signing out. | idsrv |
| Callback Path* | Unique redirect path that must be added to the Azure AD/Entra setup. | https://login.semine.no/signin-3f44b0bf-e571-4214-ae70-70d6b4bebda5 |
| Validate Issuer | Ensures tokens come from the correct issuer. | Checked |
| Get claims from userinfo endpoint | Retrieves additional user details like roles or email from the identity provider. | Checked |
| Clear default scopes | Optional. Clears preconfigured scopes if you want to define custom ones. | Unchecked |
| Disable login with SEMINE username and password | Optional. Restricts login to SSO only. | Checked if only SSO login should be allowed |
| Scopes | Additional scopes to request from the identity provider. | openid profile email |
| Domain names* | Customer’s allowed domain(s) for login. | domainName1.com, domainName2.com |
Microsoft Entra ID
Typically, your IT department or operating partner, responsible for managing O365/Entra, handles these tasks.
App Registrations
Go to Register an Application
- Name: SemineSSO
- Supported Account Types: Select "Accounts in this organizational directory only".
- Redirect URI: Retrieve from the SSO tab in Semine from the Callback-Path field (add https://login.semine.no to get a full URI)
Overview
Semine requires the following two values, and you need to input them into the Semine interface:
- Application (client) ID - Enter this into the field labeled ClientId
- Directory (tenant) ID - Enter this into the field labeled Authority
Certificates & Secrets
- Click on Certificates & Secrets
- Then click New client secret
Create a New Client Secret
Generate a new client secret with the following details:
- Description: SemineSSO
- Expires: Optional, based on the customer's preference.
Click Add
It should now appear as follows:
Then select Token configuration
- Click on Add optional claim
- Token Type: Select ID and then select e-mail
In the next dialog box, check the following and then click Add
- Go to Authentication:
- Check the box for ID tokens
- Select "Yes" for "Enable the following mobile and desktop flows"
- Once you've saved these values in the SSO tab for Semine, SSO will be activated by a nightly job. Please inform support@semine.no if SSO is not working the day after your SSO setup is finished, or if activation is time-critical and we need to do this manually.
- Once confirmation of activation is received, you can sign in by clicking the button with your chosen name.
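Because activation only happens in the nightly job, a mistyped value costs a day, so it is worth checking the fields before saving them. The script below is an added example, not SEMINE's or Microsoft's code: the field names in the dictionary are hypothetical, the GUIDs are constructed placeholders, and the `/signin-<Scheme>` callback format and the `login.microsoftonline.com` authority host are assumptions taken from the example column of the table above.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")

def check_sso_fields(f):
    """Return a list of problems in the SSO tab values; an empty list means OK."""
    problems = []
    auth = urlparse(f["authority"])
    tenant = auth.path.strip("/").split("/")[0]
    if auth.scheme != "https" or auth.hostname != "login.microsoftonline.com":
        problems.append("authority: expected https://login.microsoftonline.com/<tenant ID>")
    elif not GUID.fullmatch(tenant):
        problems.append("authority: tenant ID is not a complete GUID")
    if not GUID.fullmatch(f["client_id"]):
        problems.append("client_id: not a complete GUID")
    # Assumption taken from the table's example: callback = login host + /signin-<Scheme>.
    expected = "https://login.semine.no/signin-" + f["scheme"]
    if f["callback"] != expected:
        problems.append("callback: redirect URI must be exactly " + expected)
    # OIDC needs the openid scope; if defaults are cleared, Scopes must carry it.
    if f["clear_default_scopes"] and "openid" not in f["scopes"].split():
        problems.append("scopes: 'openid' missing after clearing default scopes")
    for d in (x.strip() for x in f["domains"].split(",")):
        if not DOMAIN.fullmatch(d):
            problems.append("domains: %r is not a bare domain name" % d)
    return problems

# Constructed sample values (the GUIDs are placeholders, not a real tenant or app).
GOOD = {
    "authority": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "scheme": "3f44b0bf-e571-4214-ae70-70d6b4bebda5",
    "callback": "https://login.semine.no/signin-3f44b0bf-e571-4214-ae70-70d6b4bebda5",
    "clear_default_scopes": False,
    "scopes": "openid profile email",
    "domains": "domainName1.com, domainName2.com",
}
# Same values with three typical slips: short tenant GUID, path-only callback, e-mail as domain.
BAD = dict(GOOD, authority=GOOD["authority"][:-1],
           callback="/signin-" + GOOD["scheme"], domains="user@domainName1.com")

if __name__ == "__main__":
    for name, fields in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sso_fields(fields) or "no problems found")
```

The same redirect URI string must also be the one registered under Redirect URI in the Entra app registration, since Entra compares it exactly.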